AvailScript Article Script Multiple Input Validation Vulnerabilities

Bugtraq ID:	31095
Class:	Input Validation Error
CVE:	CVE-2008-4371
Remote:	Yes
Local:	No
Published:	Sep 09 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	sl4xUz
Vulnerable:	AvailScript Article Script 0
Not Vulnerable:

AvailScript Article Script Multiple Input Validation Vulnerabilities

AvailScript Article Script is prone to multiple input-validation vulnerabilities, including:

- An SQL-injection vulnerability
- A cross-site scripting vulnerability

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AvailScript Article Script Multiple Input Validation Vulnerabilities

Attackers can exploit these issues through a browser. To exploit the cross-site scripting vulnerabilities, an attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/path/articles.php?aIDS=-1+union+select+1,2,user()--
http://www.example.com/path/articles.php?aIDS=[XSS]

AvailScript Article Script Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

AvailScript Article Script Multiple Input Validation Vulnerabilities

References:

• AvailScript Article Script Homepage (AvailScript)